a = bq + r where 0 r < b.

Transcription

1 Lecture 5: Euclid s algorithm Introduction The fundamental arithmetic operations are addition, subtraction, multiplication and division. But there is a fifth operation which I would argue is just as fundamental and that is the operation of taking greatest common divisors. It might be thought that this operation is not fundamental because it depends on the others for its definition. But this argument also applies to multiplication, which is repeated addition, and division, which is repeated subtraction. A better argument for the importance of this operation is that it is the key to unlocking many of the deeper properties of the natural numbers. These properties are interesting in themselves and pivotal in appreciating the applications of number theory to cryptography. In the remainder of this lecture, I shall review the theory of the greatest common divisor of two natural numbers. I shall assume that you have met this before and so in the lecture itself I shall give a summary account whereas in the written notes I shall provide extra information for private study, if you need it. I shall use the following notation. We denote by N the set of natural numbers I include zero and by Z the set of integers. Gcd s The following result is simple but at the same time very useful. It can be proved using the following idea. For simplicity let s assume that both a and b are positive. If 0 < a < b then b 0 < a < b 1. If a b then we can always find a q such that bq a < bq + 1. We therefore have the following. Lemma 0.1 Remainder Theorem. Let a,b Z where b > 0. Then there are unique integers q and r such that where 0 r < b. a = bq + r The number q is called the quotient and the number r is called the remainder. For example, if we consider the pair of natural numbers 14 and 3 then 14 = where 4 is the quotient and 2 is the remainder. Let a and b be integers. We say that a divides b if there is a q such that b = aq. In other words, there is no remainder. We also say that a 1

2 2 is a divisor of b. We write a b to mean the same thing as a divides b. 1 Warning! a b does not mean the same thing as a. The latter is a b number, the former is a statement about two numbers. Let a,b N. A number d which divides both a and b is called a common divisor. The largest number which divides both a and b is called the greatest common divisor of a and b and is denoted by gcda,b. A pair of natural numbers a and b is said to be coprime if gcda,b = 1. Special case We define gcd0, 0 = 0 for completeness. Example 0.2. Consider the numbers 12 and 16. The set of divisors of 12 is the set {1, 2, 3, 4, 6, 12}. The set of divisors of 16 is the set {1, 2, 4, 8, 16}. The set of common divisors is the intersection of these two sets: namely, {1, 2, 4}. The largest common divisor of 12 and 16 is therefore 4. Thus gcd12, 16 = 4. A simple practical application of greatest common divisors is in simplifying fractions. For example, the fraction 12 is equal to the fraction 16 3 because we can divide out the common factor of numerator and denominator. The fraction which results cannot be simplified further and 4 is in its lowest terms. We now justify this claim. The following result tells us that if we divide out the greatest common divisor of a pair of numbers, then the pair of numbers that results is coprime. Lemma 0.3. Let d = gcda,b. Then gcd a d, b d = 1. Proof. Let a = a d and b = b d. Suppose that e a and e b. Then d d a = ex and b = ey for some natural numbers x and y. Thus a = exd d d and b = eyd. Observe that ed a and ed b. But d is the greatest common divisor and so e = 1, as required. If the numbers a and b are large, then calculating their gcd in the way suggested by the definition would be time-consuming and errorprone. The definition of the gcd of two numbers gives no clue that there might be a fast way of computing it. We want to find an efficient way of calculating the greatest common divisor. The following lemma is the basis of just such an efficient method. 1 Observe that if a is nonzero, then a a, if a b and b a then a = ±b, and finally if a b and b c then a c.

3 Lemma 0.4. Let a,b N, where b 0, and let a = bq + r where 0 r < b by the Remainder Theorem. Then gcda,b = gcdb,r. Proof. Let d be a common divisor of a and b. Since a = bq +r we have that a bq = r so that d is also a divisor of r. It follows that any divisor of a and b is also a divisor of b and r. Now let d be a common divisor of b and r. Since a = bq + r we have that d divides a. Thus any divisor of b and r is a divisor of a and b. It follows that the set of common divisors of a and b is the same as the set of common divisors of b and r. Thus gcda,b = gcdb,r. The point is that b < a and r < b. So calculating gcdb,r will be easier than calculating gcda, b because the numbers involved are smaller. Compare { }} { a = bq + r with a = bq + r } {{ }. The above result is the basis of an efficient algorithm for computing greatest common divisors. It was described by Euclid around 300 BC in his book the Elements in Propositions 1 and 2 of Book VII. Algorithm 0.5 Euclid s algorithm. Input: a,b N such that a b and b 0. Output: gcda, b. Procedure: write a = bq+r where 0 r < b. Then gcda,b = gcdb,r. If r 0 then repeat this procedure with b and r and so on. The last non-zero remainder is gcda,b Example 0.6. Let s calculate gcd19, 7 using Euclid s algorithm. I have highlighted the numbers that are involved at each stage. By our result above we have that 19 = = = = gcd19, 7 = gcd7, 5 = gcd5, 2 = gcd2, 1 = gcd1, 0. The last non-zero remainder is 1 and so gcd19, 7 = 1 and, in this case, the numbers are coprime. 3

4 4 Theorem 0.7 Bézout. There are integers x and y such that gcda,b = xa + yb. I shall prove this theorem using the following. Algorithm 0.8 Extended Euclidean algorithm. Input: a,b N where a b and b 0. Output: numbers x,y Z such that gcda,b = xa + yb. Procedure: apply Euclid s algorithm to a and b; working from bottom to top rewrite each remainder in turn. Example 0.9. This is a little involved so I have split the process up into steps. I shall apply the extended Euclidean algorithm to the example I calculated above. I have highlighted the non-zero remainders wherever they occur, and I have discarded the last equality where the remainder was zero. I have also marked the last non-zero remainder. 19 = = = The first step is to rearrange each equation so that the non-zero remainder is alone on the lefthand side. 5 = = = Next we reverse the order of the list 1 = = = We now start with the first equation. The lefthand side is the gcd we are interested in. We treat all other remainders as algebraic quantities and systematically substitute them in order. Thus we begin with the first equation The next equation in our list is 1 = = 7 5 1

5 so we replace 2 in our first equation by the expression on the right to get 1 = We now rearrange this equation by collecting up like terms treating the highlighted remainders as algebraic objects to get 1 = We can of course make a check at this point to ensure that our arithmetic is correct. The next equation in our list is 5 = so we replace 5 in our new equation by the expression on the right to get 1 = Again we rearrange to get 1 = The algorithm now terminates and we can write gcd19, 7 = , as required. We can also, of course, easily check the answer! Here is an application of Bézout s theorem. Lemma c a and c b iff c gcda,b Proof. Let d = gcda,b. Suppose that c a and c b. We can find integers x and y such that d = xa + yb. It follows immediately that c d. Conversely, suppose that c d. By definition d a and d b so it is immediate that c a and c b. Euclid s Elements Euclid s algorithm turns out to be of fundamental importance in modern cryptography. It is therefore perhaps surprising that it is 2,300 years old. We know virtually nothing about Euclid himself although by the close scrutiny of ancient texts scholars have deduced that he lived around 300BC, that he was probably educated in Athens, and that his working life was spent in Alexandria. Despite the obscurity of his life, he is famous because of the book he wrote known in English as the Elements from the Greek Stoicheia. This book is the single most influential maths book ever written, arguably the most influential science book ever written, and one of the most influential books period, as the Americans would say ever written. 5

6 6 I have some difficulty in whether to call it a book or books. It is usually described as consisting of thirteen books, numbered I-XIII, but we would nowadays regard these as individual chapters each of which being originally written on a single roll of papyrus. Euclid s magnum opus is commonly regarded as a geometry book and it is certainly true that it contains the foundations of both plane and solid geometry: Pythagoras theorem is the highlight of Book I, Book IV constructs some regular polygons and Book XIII is all about the Platonic solids. The geometric aspects of the Elements were the foundations of building and surveying the great European cathedrals contain embodiments of some of Euclid s theorems but they also stirred the imagination of subsequent mathematicians leading to the development of non-euclidean geometry in the nineteenth century. Our modern understanding of the large-scale structure of the universe is based on this mathematics. But this book also contains some basic algebra, although it is disguised to our eyes as geometry, in Book II, and, particularly relevant to this course, it contains the basics of number theory in Books VII and IX. We shall meet some more of Euclid s results over the course of the next few lectures. Blankinship s algorithm This is an alternative procedure to the extended Euclidean algorithm that delivers exactly the same information but in a much easier form and is the one I recommend. It uses matrix theory and was described by W. A. Blankinship in A new version of the Euclidean algorithm American Mathematical Monthly , To explain how it works, let s go back to the basic step of Euclid s algorithm. If a b then we divide b into a and write a = bq + r where 0 r b. The key point is that gcda, b = gcdb, r. We shall now think of a,b and b,r as column matrices a r,. b b We want the 2 2 matrix that maps a r to b b.

7 This is the matrix Thus 1 q q 0 1 a b. r = b Finally, we can describe the process by the following matrix operation 1 0 a 1 q r 0 1 b 0 1 b by carrying out an elementary row operation. This procedure can be iterated. It will terminate when one of the entries in the righthand column is 0. The non-zero entry will then be the greatest common divisor of a and b and the matrix on the lefthand side will tell you how to get to 0, gcda,b from a,b and so will provide the information that the Euclidean algorithm provides. All of this is best illustrated by means of an example. Let s calculate x,y such that gcd2520, 154 = xa + yb. We start with the matrix If we divide 154 into 2520 it goes 16 times plus a remainder. Thus we subtract 16 times the second row from the first to get We now repeat the process but, since the larger number, 154, is on the bottom, we have to subtract some multiple of the first row from the second. This time we subtract twice the first row from the second to get Now repeat this procedure to get And again

8 8 The process now terminates because we have a zero in the rightmost column. The non-zero entry in the rightmost column is gcd2520, 154. We also know that = 0 Now this matrix equation corresponds to two equations. The bottom one can be verified. The top one says that 14 = Gauss s Lemma We can use Bézout s theorem to prove a result which is one of the most useful in number theory. Suppose that c ab. In general, we cannot make any deductions about whether c divides a or b. For example, but neither 6 nor 35 are divisible by 15. However, if we know in addition that gcdc, a = 1, that is that c and a are coprime, then we can deduce that c b. This result is called Gauss s Lemma. Here is the proof. We are told that gcdc,a = 1. By Bézout s theorem there exist integers x and y such that 1 = cx + ay. Multiply both sides of this equation by b to get b = bcx + aby. Now c bcx and c aby and so c b, as required. Linear Diophantine equations This is an application of Bézout s theorem which again I assume you have met before. The details here are therefore for private study if you haven t. Named after the third century Greek mathematician Diophantus, a Diophantine equation is an equation where we are interested only in the integer solutions. In this section, we are interested in equations of the form ax + by = c where a,b,c are integers and where we require solutions x,y to be integers as well. Think geometrically: ax + by = c is a line in the plane and we want to know which lattice points are on this line where a lattice point is a point x,y where both x and y are integers. Theorem A necessary and sufficient condition for the equation ax + by = c.

9 to have an integer solution is that gcda,b c. If this condition is satisfied, and x 0,y 0 is any one solution and d = gcda,b then all solutions are obtained as follows x b x0 = + n d y y 0 a d where n Z is arbitrary. Proof. I shall sketch out the proof. Suppose first that ax 0 + by 0 = c is a solutions in integers. Then clearly gcda,b c. We now prove tha converse. Suppose that gcda,b c. Put d = gcda,b. Then a and b are coprime. Thus by Bézout s theorem there d d are integers x and y such that 1 = a d x + b d y. If we multiply both sides by c we get that c = a d cx + b d cy. 9 We may write this as c = a c d x + b c d y. Put x 0 = c d x and y 0 = c d y both integers by our assumption. We have proved that the equation has a solution and we have shown how to find one. It is an easy exercise to check that for any n Z, the following are all solutions b x0 + n d y 0 a d It remains to show now that every solution has the above form. Let ax + by = c be any solution. Subtract from this the solution ax 0 + by 0 = c to get ax x 0 + by y 0 = 0. Thus a d x x 0 = b d y y 0. But a and b are coprime. We now apply Gauss s Lemma. We deduce d d that b divides x x d 0. We may therefore write x = x 0 + n b d for some n Z. But this implies that y y 0 = n a d.

CONSTRUCTION OF THE FINITE FIELDS Z p S. R. DOTY Elementary Number Theory We begin with a bit of elementary number theory, which is concerned solely with questions about the set of integers Z = {0, ±1,

CHAPTER 2 Mathematics of Cryptography Part I: Modular Arithmetic, Congruence, and Matrices Objectives This chapter is intended to prepare the reader for the next few chapters in cryptography. The chapter

Continued Fractions and the Euclidean Algorithm Lecture notes prepared for MATH 326, Spring 997 Department of Mathematics and Statistics University at Albany William F Hammond Table of Contents Introduction

EPFL - Section de Mathématiques Algebra for Digital Communication Fall semester 2008 Solutions for exercise sheet 1 Exercise 1. i) We will do a proof by contradiction. Suppose 2 a 2 but 2 a. We will obtain

8 Primes and Modular Arithmetic 8.1 Primes and Factors Over two millennia ago already, people all over the world were considering the properties of numbers. One of the simplest concepts is prime numbers.

Intermediate Math Circles March 7, 2012 Linear Diophantine Equations II Last week: How to find one solution to a linear Diophantine equation This week: How to find all solutions to a linear Diophantine

Course notes on Number Theory In Number Theory, we make the decision to work entirely with whole numbers. There are many reasons for this besides just mathematical interest, not the least of which is that

Section 4.2: The Division Algorithm and Greatest Common Divisors The Division Algorithm The Division Algorithm is merely long division restated as an equation. For example, the division 29 r. 20 32 948

Theorem (The division theorem) Suppose that a and b are integers with b > 0. There exist unique integers q and r so that a = bq + r and 0 r < b. We re dividing a by b: q is the quotient and r is the remainder,

MTHSC 412 Section 2.4 Prime Factors and Greatest Common Divisor Greatest Common Divisor Definition Suppose that a, b Z. Then we say that d Z is a greatest common divisor (gcd) of a and b if the following

CLASS 3, GIVEN ON 9/27/2010, FOR MATH 25, FALL 2010 1. Greatest common divisor Suppose a, b are two integers. If another integer d satisfies d a, d b, we call d a common divisor of a, b. Notice that as

Chapter 1 LINEAR EQUATIONS 1.1 Introduction to linear equations A linear equation in n unknowns x 1, x,, x n is an equation of the form a 1 x 1 + a x + + a n x n = b, where a 1, a,..., a n, b are given

Chapter 6 Number Theory The material in this chapter offers a small glimpse of why a lot of facts that you ve probably nown and used for a long time are true. It also offers some exposure to generalization,

CHAPTER 4 Direct Proof It is time to prove some theorems. There are various strategies for doing this; we now examine the most straightforward approach, a technique called direct proof. As we begin, it

Congruences Robert Friedman Definition of congruence mod n Congruences are a very handy way to work with the information of divisibility and remainders, and their use permeates number theory. Definition

Today s Topics Primes & Greatest Common Divisors Prime representations Important theorems about primality Greatest Common Divisors Least Common Multiples Euclid s algorithm Once and for all, what are prime

Lecture 1: Elementary Number Theory The integers are the simplest and most fundamental objects in discrete mathematics. All calculations by computers are based on the arithmetical operations with integers

CS 70 Discrete Mathematics and Probability Theory Fall 2009 Satish Rao, David Tse Note 5 Modular Arithmetic One way to think of modular arithmetic is that it limits numbers to a predefined range {0,1,...,N

MODULAR ARITHMETIC 1 Working With Integers The usual arithmetic operations of addition, subtraction and multiplication can be performed on integers, and the result is always another integer Division, on

178 4. Number Theory: Fermat s Last Theorem Exercise 4.7: A primitive Pythagorean triple is one in which any two of the three numbers are relatively prime. Show that every multiple of a Pythagorean triple

DEFINITION: GREATEST COMMON DIVISOR The greatest common divisor (gcd) of a and b, denoted by (a, b), is the largest common divisor of integers a and b. THEOREM: If a and b are nonzero integers, then their

CHAPTER 3 Numbers and Numeral Systems Numbers play an important role in almost all areas of mathematics, not least in calculus. Virtually all calculus books contain a thorough description of the natural,

9. The Pails of Water Problem You have a 5 and a 7 quart pail. How can you measure exactly 1 quart of water, by pouring water back and forth between the two pails? You are allowed to fill and empty each

Discrete Mathematics Lecture 3 Elementary Number Theory and Methods of Proof Harper Langston New York University Proof and Counterexample Discovery and proof Even and odd numbers number n from Z is called

Handout of NUMBER THEORY by Kus Prihantoso Krisnawan MATHEMATICS DEPARTMENT FACULTY OF MATHEMATICS AND NATURAL SCIENCES YOGYAKARTA STATE UNIVERSITY 2012 Contents Contents i 1 Some Preliminary Considerations

3. APPLICATIONS OF NUMBER THEORY 163 3. Applications of Number Theory 3.1. Representation of Integers. Theorem 3.1.1. Given an integer b > 1, every positive integer n can be expresses uniquely as n = a

Topic 2 Solving Equations Introduction: When you are given the value of a variable and an algebraic expression then you can evaluate the expression. For example, If you are told that x = 6 then the value

1. LINEAR EQUATIONS A linear equation in n unknowns x 1, x 2,, x n is an equation of the form a 1 x 1 + a 2 x 2 + + a n x n = b, where a 1, a 2,..., a n, b are given real numbers. For example, with x and

Chapter Two Number Theory 2.1 INTRODUCTION Number theory is that area of mathematics dealing with the properties of the integers under the ordinary operations of addition, subtraction, multiplication and

MATH 23: SYSTEMS OF LINEAR EQUATIONS Systems of Linear Equations In the plane R 2 the general form of the equation of a line is ax + by = c and that the general equation of a plane in R 3 will be we call

CHAPTER 7 Proving Non-Conditional Statements The last three chapters introduced three major proof techniques: direct, contrapositive and contradiction. These three techniques are used to prove statements

Section 4.1: Systems of Equations Systems of equations A system of equations consists of two or more equations involving two or more variables { ax + by = c dx + ey = f A solution of such a system is an

MATH10040 Chapter 2: Prime and relatively prime numbers Recall the basic definition: 1. Prime numbers Definition 1.1. Recall that a positive integer is said to be prime if it has precisely two positive

ENGG 2440A: Discrete Mathematics for Engineers Lecture 4 The Chinese University of Hong Kong, Fall 2014 6 and 7 October 2014 Number theory is the branch of mathematics that studies properties of the integers.

Chapter 4, Arithmetic in F [x] Polynomial arithmetic and the division algorithm. We begin by defining the ring of polynomials with coefficients in a ring R. After some preliminary results, we specialize

Numerical Analysis Lecture Notes Peter J. Olver 4. Gaussian Elimination In this part, our focus will be on the most basic method for solving linear algebraic systems, known as Gaussian Elimination in honor

DIVISIBILITY AND GREATEST COMMON DIVISORS KEITH CONRAD 1 Introduction We will begin with a review of divisibility among integers, mostly to set some notation and to indicate its properties Then we will

Solving Simultaneous Linear Equations 3.4 Introduction Equations often arise in which there is more than one unknown quantity. When this is the case there will usually be more than one equation involved.

MathsTrack (NOTE Feb 2013: This is the old version of MathsTrack. New books will be created during 2013 and 2014) Topic 4 Module 9 Introduction Systems of to Matrices Linear Equations Income = Tickets!

MATH31: Number Theory Homework until Test # Philipp BRAUN Section 3.1 page 43, 1. It has been conjectured that there are infinitely many primes of the form n. Exhibit five such primes. Solution. Five such

Euclid s Algorithm for the Greatest Common Divisor Desh Ranjan Department of Computer Science New Mexico State University 1 Numbers, Division and Euclid People have been using numbers, and operations on

CHAPTER 5 Number Theory 1. Integers and Division 1.1. Divisibility. Definition 1.1.1. Given two integers a and b we say a divides b if there is an integer c such that b = ac. If a divides b, we write a

Fibonacci Numbers and Greatest Common Divisors The Finonacci numbers are the numbers in the sequence 1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144,.... After starting with two 1s, we get each Fibonacci number

Mathematicians have tried in vain to this day to discover some order in the sequence of prime numbers, and we have reason to believe that it is a mystery into which the human mind will never penetrate.-

Solutions to Homework Set 3 (Solutions to Homework Problems from Chapter 2) Problems from 21 211 Prove that a b (mod n) if and only if a and b leave the same remainder when divided by n Proof Suppose a

Linear Programming Linear programming refers to problems stated as maximization or minimization of a linear function subject to constraints that are linear equalities and inequalities. Although the study

Math 1 Lecture #10 2.2: The Inverse of a Matrix Matrix algebra provides tools for creating many useful formulas just like real number algebra does. For example, a real number a is invertible if there is

Greatest Common Divisors and Linear Combinations Let a and b be positive integers The greatest common divisor of a and b ( gcd(a, b) ) has a close and very useful connection to things called linear combinations

APPLICATIONS OF THE ORDER FUNCTION LECTURE NOTES: MATH 432, CSUSM, SPRING 2009. PROF. WAYNE AITKEN In this lecture we will explore several applications of order functions including formulas for GCDs and

Politics and the political process affect everyone in some way. In local, state or national elections, registered voters make decisions about who will represent them and make choices about various ballot

MA257: INTRODUCTION TO NUMBER THEORY LECTURE NOTES 2016 47 4. Diophantine Equations A Diophantine Equation is simply an equation in one or more variables for which integer (or sometimes rational) solutions

Unique Factorization Waffle Mathcamp 2010 Throughout these notes, all rings will be assumed to be commutative. 1 Factorization in domains: definitions and examples In this class, we will study the phenomenon

Math Review for the Quantitative Reasoning Measure of the GRE revised General Test www.ets.org Overview This Math Review will familiarize you with the mathematical skills and concepts that are important

Solving simultaneous linear equations 3.4 Introduction Equations often arise in which there is more than one unknown quantity. When this is the case there will usually be more than one equation involved.

CHAPTER 2 Mathematics of Cryptography Part I (Solution to Odd-Numbered Problems) Review Questions 1. The set of integers is Z. It contains all integral numbers from negative infinity to positive infinity.

Induction Problems Tom Davis tomrdavis@earthlin.net http://www.geometer.org/mathcircles November 7, 2005 All of the following problems should be proved by mathematical induction. The problems are not necessarily

These notes closely follow the presentation of the material given in David C Lay s textbook Linear Algebra and its Applications (3rd edition) These notes are intended primarily for in-class presentation

TRIANGLES ON THE LATTICE OF INTEGERS Andrew Roibal and Abdulkadir Hassen Department of Mathematics Rowan University Glassboro, NJ 08028 I. Introduction In this article we will be studying triangles whose

Chapter 11 Number Theory Number theory is one of the oldest branches of mathematics. For many years people who studied number theory delighted in its pure nature because there were few practical applications

9. POLYNOMIALS 9.1. Definition of a Polynomial A polynomial is an expression of the form: a(x) = a n x n + a n-1 x n-1 +... + a 1 x + a 0. The symbol x is called an indeterminate and simply plays the role

2.2 The Inverse of a Matrix Math 2331 Linear Algebra 2.2 The Inverse of a Matrix Jiwen He Department of Mathematics, University of Houston jiwenhe@math.uh.edu math.uh.edu/ jiwenhe/math2331 Jiwen He, University

CHAPTER 6 Proof by Contradiction We now explore a third method of proof: proof by contradiction. This method is not limited to proving just conditional statements it can be used to prove any kind of statement

Chapter 1 DEGREE OF A CURVE Road Map The idea of degree is a fundamental concept, which will take us several chapters to explore in depth. We begin by explaining what an algebraic curve is, and offer two

SUM OF TWO SQUARES JAHNAVI BHASKAR Abstract. I will investigate which numbers can be written as the sum of two squares and in how many ways, providing enough basic number theory so even the unacquainted